upstream commit
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
diff --git a/monitor.c b/monitor.c
index bc4f039..8f5ab72 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.144 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -693,7 +693,7 @@
u_char *signature;
size_t datlen, siglen;
int r, keyid, is_proof = 0;
- const char proof_req[] = "hostkeys-prove@openssh.com";
+ const char proof_req[] = "hostkeys-prove-00@openssh.com";
debug3("%s", __func__);
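Review bot: proof_req is a function-local string literal, and the next hunk makes it the first field of the buffer that gets signed, so the verifying side has to build its buffer from byte-identical text. The commit message describes a break caused by changing the message format without changing the extension name; defining the versioned name once in a shared header and using it on both sides would keep the signer and the verifier in step on the next bump.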
@@ -723,9 +723,9 @@
fatal("%s: no hostkey for index %d", __func__, keyid);
if ((sigbuf = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
- if ((r = sshbuf_put_string(sigbuf, session_id2,
+ if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
+ (r = sshbuf_put_string(sigbuf, session_id2,
session_id2_len) != 0) ||
- (r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
(r = sshkey_puts(key, sigbuf)) != 0)
fatal("%s: couldn't prepare private key "
"proof buffer: %s", __func__, ssh_err(r));